Apart from being a compliance requirement for 27001, it provides a
detailed view of existing threats and vulnerabilities and rates the
impact of each risk on the organization. A mitigation report defines the actions and
controls recommended to either minimize the impact of a given risk or
mitigate it. A risk assessment service is a detailed process that involves
using Versos' subject matter experts to design the assessment questionnaire,
conduct the interviews, analyze the findings and provide mitigation controls.
Versos' regularly updated threat/control database allows our consultants to
prepare the questionnaire in a timely manner and to benefit from a deep
understanding of each sector's threats and vulnerabilities, which guarantees
that the output is industry specific, on time and within project budgets.
Each industry and sector has specific risks and interprets various
vulnerabilities differently from the others; therefore Versos has been the
vendor of choice for many regional clients to conduct risk assessments due to
its in-depth knowledge of industry best practices and the latest threats and
vulnerabilities, and its staff expertise.
With Versos' complete offering of Risk Management services, a risk
assessment can be customized as a high-level assessment focused on a specific set of
business needs, or as a detailed risk assessment in which the
entire service offering is packaged and implemented. Based on the
customer's objectives, our consultants can engage in a pre-assessment session
to scope the risk assessment and advise whether a detailed or high-level
risk assessment is needed.
Versos' risk assessment methodology is designed to identify risks effectively,
efficiently and properly, and to achieve the assessment objectives.
The methodology balances qualitative and quantitative risk
assessment approaches and is structured in the following steps:
- Step 1: Asset Identification
- Step 2: Business Impact Analysis
- Step 3: Threat Likelihood Determination
- Step 4: Risk Determination